[Bug 613198] CVE-2010-2520 freetype: heap buffer overflow vulnerability in truetype bytecode support

bugzilla at redhat.com
Tue Jul 13 12:27:16 UTC 2010


https://bugzilla.redhat.com/show_bug.cgi?id=613198

--- Comment #6 from Nicolas Mailhot <nicolas.mailhot at laposte.net> 2010-07-13 08:27:15 EDT ---
(In reply to comment #1)
> Provided we never enable truetype bytecode support (doubtful since it's
> patented) this won't affect any version of freetype we ship.

The patents have expired and it was enabled (briefly) in Fedora.

It's disabled again for non-legal reasons (enabling it disables the autohinter;
we'd like it to be enabled for glyphs with hints, and autohint the rest).

Therefore, it would be a good idea to fix it preventively before it is enabled
again.
